[html5] r4630 - [giow] (0) Block pushState() and replaceState() from changing URLs when used by [...]
whatwg at whatwg.org
Wed Jan 27 15:06:54 PST 2010
Author: ianh
Date: 2010-01-27 15:06:52 -0800 (Wed, 27 Jan 2010)
New Revision: 4630
Modified:
complete.html
index
source
Log:
[giow] (0) Block pushState() and replaceState() from changing URLs when used by text/html-sandboxed content, to prevent them from spoofing other pages on the same origin.
Modified: complete.html
===================================================================
--- complete.html 2010-01-27 22:34:17 UTC (rev 4629)
+++ complete.html 2010-01-27 23:06:52 UTC (rev 4630)
@@ -56009,7 +56009,16 @@
raise a <code><a href=#security_err>SECURITY_ERR</a></code> exception and abort these
steps.</li>
- </ol><p>For the purposes of the comparison in the above substeps, the
+ <li>If the <a href=#origin>origin</a> of the resulting <a href=#absolute-url>absolute
+ URL</a> is not the same as the <a href=#origin>origin</a> of the
+ <a href=#entry-script>entry script</a>'s <code title="script's browsing
+ context"><a href="#script's-browsing-context">browsing context, and either the <span title=url-path><path></span> or <span title=url-query><query></span> components of the two
+ <span title=URL>URLs</span> comparedi in the previous step
+ differ, raise a <code>SECURITY_ERR</code> exception and abort
+ these steps. (This prevents sandboxed content from spoofing other
+ pages on the same origin.)</a></code></li>
+
+ </ol><p>For the purposes of the comparisons in the above substeps, the
<a href=#url-path title=url-path><path></a> and <a href=#url-query title=url-query><query></a> components can only be the
same if the URLs use a hierarchical <a href=#url-scheme title=url-scheme><scheme></a>.</p>
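Review bot: in the new list item, the `<code title="script's browsing context"><a href="#script's-browsing-context">` opened after "entry script's" is only closed by the `</a></code>` at the very end of the item, so the rest of the sentence (the path/query condition and the parenthetical about sandboxed content) is rendered inside the cross-reference link and code element; the close belongs directly after "browsing context". The same item has the typo "comparedi" for "compared". Since complete.html is generated from source, both fixes should be made in the source hunk and regenerated rather than patched here.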
Modified: index
===================================================================
--- index 2010-01-27 22:34:17 UTC (rev 4629)
+++ index 2010-01-27 23:06:52 UTC (rev 4630)
@@ -55923,7 +55923,16 @@
raise a <code><a href=#security_err>SECURITY_ERR</a></code> exception and abort these
steps.</li>
- </ol><p>For the purposes of the comparison in the above substeps, the
+ <li>If the <a href=#origin>origin</a> of the resulting <a href=#absolute-url>absolute
+ URL</a> is not the same as the <a href=#origin>origin</a> of the
+ <a href=#entry-script>entry script</a>'s <code title="script's browsing
+ context"><a href="#script's-browsing-context">browsing context, and either the <span title=url-path><path></span> or <span title=url-query><query></span> components of the two
+ <span title=URL>URLs</span> comparedi in the previous step
+ differ, raise a <code>SECURITY_ERR</code> exception and abort
+ these steps. (This prevents sandboxed content from spoofing other
+ pages on the same origin.)</a></code></li>
+
+ </ol><p>For the purposes of the comparisons in the above substeps, the
<a href=#url-path title=url-path><path></a> and <a href=#url-query title=url-query><query></a> components can only be the
same if the URLs use a hierarchical <a href=#url-scheme title=url-scheme><scheme></a>.</p>
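Review bot: this hunk carries the same two defects as the complete.html hunk: the `<code><a href="#script's-browsing-context">` wrapper is closed by `</a></code>` at the end of the item instead of after "browsing context", and "comparedi" should read "compared". Both are inherited from the source file and will disappear once source is corrected and index regenerated.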
Modified: source
===================================================================
--- source 2010-01-27 22:34:17 UTC (rev 4629)
+++ source 2010-01-27 23:06:52 UTC (rev 4630)
@@ -63294,9 +63294,20 @@
raise a <code>SECURITY_ERR</code> exception and abort these
steps.</li>
+ <li>If the <span>origin</span> of the resulting <span>absolute
+ URL</span> is not the same as the <span>origin</span> of the
+ <span>entry script</span>'s <code title="script's browsing
+ context">browsing context</span>, and either the <span
+ title="url-path"><path></span> or <span
+ title="url-query"><query></span> components of the two
+ <span title="URL">URLs</span> comparedi in the previous step
+ differ, raise a <code>SECURITY_ERR</code> exception and abort
+ these steps. (This prevents sandboxed content from spoofing other
+ pages on the same origin.)</li>
+
</ol>
- <p>For the purposes of the comparison in the above substeps, the
+ <p>For the purposes of the comparisons in the above substeps, the
<span title="url-path"><path></span> and <span
title="url-query"><query></span> components can only be the
same if the URLs use a hierarchical <span
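Review bot: the markup on the "entry script's" line is mismatched: `<code title="script's browsing context">` is closed with `</span>`. The sibling cross-references in the same sentence are written as `<span>origin</span>` and `<span>entry script</span>`, so this should be `<span title="script's browsing context">browsing context</span>`; the mismatch is what produces the stray `</a></code>` at the end of the item in the generated complete.html and index. Also "comparedi" should be "compared". As a wording point, the step says "the two URLs compared in the previous step", which depends on the preceding substep keeping that exact phrasing; naming the two URLs (the resulting absolute URL and the document's address) would make the step stand on its own.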